IETF Logo Mail Archive

Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 15 January 2019 01:30 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92C7C123FFD; Mon, 14 Jan 2019 17:30:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8BBjMok8_k2Q; Mon, 14 Jan 2019 17:30:02 -0800 (PST)
Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDF511200D7; Mon, 14 Jan 2019 17:30:01 -0800 (PST)
Received: by mail-pf1-x42c.google.com with SMTP id w73so470522pfk.10; Mon, 14 Jan 2019 17:30:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=DWSMBYs31QfoeF1BUWi0k1kggJ2C8cqpSqdoXUTwS/g=; b=uQC6ooZwHXt2Hk++GNvSq0uFHQEcR5ERBzUIdKqupaOMWALihv0hJ1aUsvejyqv7Nr Ce9VfKUnKOUYKyiA0Ot66XutmIlc7xKh2faS5BVCLjEPmORLalymyvvtnXpY8s/ms/Jz zQ+LUJnpaCBOyCJDcQF43SD8L7hl3b/OPN5GZ/H4oPeCRpyUr/w4HA6TbnD4E66JNS9V sIT8H+LQNAlQsbTerGnr/ev2iPLqiZKu85KDfOw2koun3px7DV2Nl5Ey1bamWDNo2PSP EZTgHjcyTsDS8VrNhCmglpA2xuXBfp1a6Ut+LLXymCEEXctM8aRgv0r/kkcSWwgKRSMX HZ0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=DWSMBYs31QfoeF1BUWi0k1kggJ2C8cqpSqdoXUTwS/g=; b=Hc9DYbBsMgq76i2ij3eIM/qHJqd5KkS0w0im3S9wPJn0WblCF7svKgLpmNQtQDH0Dq T8VOIZhZMrPup1+ThdGW0ycuJsmQ4Ha6PPIFyhPW/OIKAjug98nXJWaxrnqZcSHKQTCT Uo3ZH2+JdXZET5PsUOh4L3HoyXMtUdmSLSXGOXKBn5sACxvUxC4zS2P2hsVmZfutUefT HoyWU0f+EdbzYj4SrFJy+hi5doohfrwI4a1cltCNCvYX5E5qhWvr6Z08gHOzxQFo3gt4 Y3/H6KQ39DaMVBuNwYMx/ti5AQla+bllc8+Ao0mlx4KNgNYceldctPaxRI02HLbkjT1Q 2BmQ==
X-Gm-Message-State: AJcUukfcExaPflZyAunrjxb55pUYSAx9AY85Uc7vvlYgjiTPx8aN1zqx bagmCIjjXoBaaE4E4l+6GiycRX3j
X-Google-Smtp-Source: ALg8bN4Vr79SuI6hBbICHivCo0m+5MC2og0j56Ej96HVeXneGVwH1S7HygxnFMWWehjn6lS7w3EZkA==
X-Received: by 2002:a62:399b:: with SMTP id u27mr1373795pfj.181.1547515800922; Mon, 14 Jan 2019 17:30:00 -0800 (PST)
Received: from [130.216.38.96] (sc-cs-567-laptop.uoa.auckland.ac.nz. [130.216.38.96]) by smtp.gmail.com with ESMTPSA id z62sm2356051pfi.4.2019.01.14.17.29.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Jan 2019 17:29:59 -0800 (PST)
To: Tom Herbert <tom@herbertland.com>, "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: "internet-area@ietf.org" <int-area@ietf.org>, "intarea-chairs@ietf.org" <intarea-chairs@ietf.org>
References: <D060DC26-15C7-4D3F-A3C5-641072C75CC5@ericsson.com> <4a283194-98f5-8f38-211a-29cfbc4c9c3e@joelhalpern.com> <CALx6S36btHxs0UTjahSMXEmOgfnQMAD+xYVFam=vKvQQfvOVdQ@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <0bb095ac-4511-d3a9-31f1-7bf382bfd318@gmail.com>
Date: Tue, 15 Jan 2019 14:29:53 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <CALx6S36btHxs0UTjahSMXEmOgfnQMAD+xYVFam=vKvQQfvOVdQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/fko5mB-lLybESZmcUAYcNx1YLrk>
Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jan 2019 01:30:07 -0000

On 2019-01-15 11:04, Tom Herbert wrote:
> Hello. I have a couple of comments:
> 
>>From the draft:
> "Middle boxes SHOULD process IP fragments in a manner that is
> compliant with RFC 791 and RFC 8200.  In many cases, middle boxes must
> maintain state in order to achieve this goal."
> 
> This requirement is confusing to me on several accounts. 

Me too. I think the root of the problem is the word "compliant". To
be compliant with the IP model, middleboxes should not exist. I think
what the text is trying to say is more like:

"Middle boxes SHOULD process IP fragments in a manner that is
consistent with RFC 791 and RFC 8200."

That's a requirement for effective transparency, not for compliance.

> First of all,
> there are a lot of requirements about fragmentation in both RFC791 and
> RFC8200, including some MUSTs. This requirement seems to be updating
> and possibly relaxing some of those requirements, but is not specific.
> This seems ambiguous as a normative requirement.
> 
> Secondly, the only specified interaction between fragmentation and
> intermediate nodes is that routers can fragment packets in IPv4. Other
> than that, a middlebox that complies with RFC791 and RFC8200 does not
> process or consider fragmentation of packets. Given that, it's unclear
> to me why middle boxes would need to maintain state to be protocol
> compliant. It's possible that the implicit exception of the
> requirement is that middleboxes might perform "in-network reassembly"
> or "virtual reassemlby" which would require state. If that is indeed
> the case then the requirements for the mechanisms should be spelled
> out.
> 
> For stateless load balancing (described in section 4.4), the IPv6 flow
> label obviates the need for DPI. It is sufficient to hash over the
> three tuple <saddr, daddr, flow label> to get good load balancing. All
> major OSes have been updated to set flow labels, and there are devices
> that already support this. IMO, the draft should make using flow label
> for stateless load balancing a SHOULD.

Agreed, and the text would need to be a bit reorganized for that, by
separating the v4 and v6 cases completely. Also things are rather
different for in-transit load balancing (including ECMP and LAG) and
server load balancing, but I don't think that changes the recommendation.
The draft could cite RFC7098 for the server case. In RFC7098, we
assumed that the balancer could revert to the old DPI method if the flow
label is zero, which may lead to a fail if the packet is fragmented.
But for in-transit load balancing of large numbers of flows, the
{source, dest, flow_label} tuple will provide entropy even if the
flow label is zero.

  Brian
 
> 
> Tom
> 
> On Mon, Jan 14, 2019 at 11:55 AM Joel M. Halpern <jmh@joelhalpern.com> wrote:
>>
>> I have re-read this document.  I think it is a useful document that
>> captures that state of a complex tradeoff and makes effective
>> recommendations. I support publishing it as a BCP.
>>
>> If the authors make further additions, adding a mention of ECMP as a
>> particular case of stateless load balancers might further improve the
>> document.
>>
>> Yours,
>> Joel
>>
>> On 1/14/19 1:13 PM, Wassim Haddad wrote:
>>> Dear all,
>>>
>>> This email starts an Int-Area WG Last Call on the latest version of "IP Fragmentation Considered Fragile” draft:
>>>
>>> https://tools.ietf.org/html/draft-ietf-intarea-frag-fragile-05
>>>
>>> Please respond to this email to support the document and/or send comments by 2019-01-28.
>>>
>>> Please indicate if you are personally aware of any IPR that applies to draft-ietf-intarea-frag-fragile-xx?
>>> If so, has this IPR been disclosed in compliance with IETF IPR rules?
>>>
>>>
>>> Regards,
>>>
>>> Juan & Wassim
>>> _______________________________________________
>>> Int-area mailing list
>>> Int-area@ietf.org
>>> https://www.ietf.org/mailman/listinfo/int-area
>>>
>>
>> _______________________________________________
>> Int-area mailing list
>> Int-area@ietf.org
>> https://www.ietf.org/mailman/listinfo/int-area
> 
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area
>

v2.23.0 | Report a Bug | By Email